CVE-2022-35241 MEDIUM

CVE-2022-35241: NGINX Instance Manager vulnerability CVE-2022-35241

Vendor F5
Product NGINX Instance Manager
Weakness CWE-400
Published August 4, 2022
Last update September 16, 2024
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

Description

In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Key dates

Disclosure timeline

August 4, 2022 CVE published
September 16, 2024 Record updated